Connecting JIRA to Active Directory over LDAPS fails with "Connection reset"

Still need help?

The Atlassian Community is here for you.

Ask the community

This article only applies to Atlassian's server products. Learn more about the differences between cloud and server.

Problem

When setting up an Active Directory connection in JIRA over LDAPS (Secure LDAP), the synchronization will fail with the below error message.

2015-06-20 17:36:28,373 atlassian-scheduler-quartz1.clustered_Worker-3 ERROR      [atlassian.scheduler.core.JobLauncher] Scheduled job with ID 'com.atlassian.jira.crowd.embedded.JiraDirectoryPollerManager.10401' failed
org.springframework.ldap.CommunicationException: 192.168.1.100:636; nested exception is javax.naming.CommunicationException: 192.168.1.100:636 [Root exception is java.net.SocketException: Connection reset]

Diagnosis

Environment

  • Active Directory 2012 (and R2) connected over LDAPS;
  • Java 8;

(info) Other environments might be affected as well, in case you face a problem such as this one, please inform environment specifications on the comments.

Diagnostic Steps

  • Analyzing a tcpdump generated during the synchronization attempt will show multiple RST packets sent by the AD server;

Cause

By default, JIRA only uses pooled connections when connecting to a directory server over LDAP. Enabling SSL causes it to disable the pooling, resulting in poorer performance and failures due to connection resets. 

Workaround

In order to circumvent the problem, we can enable the SSL connections pooling by adding the below argument to JIRA's startup options.

-Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'

Resolution

The inclusion of this startup parameter by default has been suggested on JRA-41025 - Getting issue details... STATUS .

Last modified on Mar 30, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.